- https://github.com/swisskyrepo/PayloadsAllTheThings
- https://knowledge-base.secureflag.com/
- https://book.hacktricks.xyz/welcome/readme
- https://www.exploit-db.com/
- https://skf.gitbook.io/asvs-write-ups/
- https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets
- https://exchange.xforce.ibmcloud.com/
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://portswigger.net/burp/documentation/desktop/testing-workflow/authentication-mechanisms/enumerating-usernames
- https://rules.sonarsource.com
- https://owasp.org/www-project-java-encoder/
- https://cheapsslweb.com/resources/encoding-vs-encryption
- https://portswigger.net/web-security/all-topics
- https://www.zaproxy.org
- https://portswigger.net/burp
- https://gchq.github.io/CyberChef/
- https://www.eicar.org/
- https://github.com/frohoff/ysoserial
- https://securitytrails.com/blog/vulnerable-websites-for-penetration-testing
- https://owasp.org/www-project-webgoat/
- https://github.com/blabla1337/skf-labs
- https://hub.docker.com/r/blabla1337/owasp-skf-lab/tags?page=1&name=java
- https://ginandjuice.shop/
- https://demo.testfire.net/
- http://testphp.vulnweb.com/
- https://bwapp.hakhub.net/
- https://github.com/digininja/DVWA